Groups & Fellowships

Group Membership & Scoped Permissions

Association and leadership inside groups are tracked at the individual contact level via the `group_members` junction.

1. Group Roles (`role`)

Every member in a group is assigned a `role` in `group_members`, which determines their capabilities and directory designation:

  • `leader`: The main servant responsible for the group. Has access to manage rosters, edit details, and record meeting attendance.
  • `co_leader`: Assistant leader with similar operational access to support the group’s activities.
  • `member`: General participant enrolled in the group.
  • `volunteer`: Helper or occasional servant attached to the group.

2. Group-Scoped RBAC Permissions

Kononia’s Dynamic RBAC system supports scoping permission grants to specific entities. This is defined in `public.user_church_roles` using the `group_id` column.

[User Session]
      │
      ├─► Global Role: (group_id = NULL) ──► Global Access (All groups)
      │
      └─► Scoped Role: (group_id = 123)  ──► Scoped Access (Only Group 123)

Scoped Leadership Access

  • Roster & Detail Management: A user with the role “Group Servant” scoped to a specific `group_id` inherits `groups.view` and `groups.manage` permissions only for that group.
  • Isolating Administrative Control: Scoped leaders can add members, update meeting details, and review reports for their assigned group, but are restricted from editing or viewing other groups in the organization.
  • UI Resolution: The `usePermissions` hook evaluates scopes automatically via `canForGroup(permissionKey, groupId)`, selectively enabling controls on group detail pages. This gating only decides which controls the interface shows; it is not an enforcement boundary, so the same scope check has to hold wherever group data is read or written.
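
The scope resolution described above, sketched as an added example; this is not Kononia's own code. It assumes grants arrive as rows shaped like `user_church_roles` reduced to `{ role, group_id }`, that group ids are positive integers, and that the role-to-permission map and the grants-first signature are hypothetical. It fails closed when the group id is missing or malformed, so only an explicit `NULL` counts as a global grant.

```javascript
// Added example. Only "Group Servant", groups.view, groups.manage, group_id
// and the name canForGroup come from the page; everything else is assumed.
const ROLE_PERMISSIONS = new Map([
  ["Group Servant", ["groups.view", "groups.manage"]],
  ["Directory Viewer", ["groups.view"]], // constructed role, for contrast
]);

// Normalise a group id (number, or digit string from a route parameter)
// to a positive integer; anything else becomes undefined.
function toGroupId(value) {
  const n = typeof value === "string" && /^\d+$/.test(value) ? Number(value) : value;
  return Number.isSafeInteger(n) && n > 0 ? n : undefined;
}

// grants: array of { role, group_id } rows for the current user.
function canForGroup(grants, permissionKey, groupId) {
  const target = toGroupId(groupId);
  if (target === undefined) return false; // no valid target group: deny
  return grants.some((grant) => {
    const perms = ROLE_PERMISSIONS.get(grant.role);
    if (!perms || !perms.includes(permissionKey)) return false;
    // Global access requires an explicit NULL. A row whose group_id is
    // undefined (for example, the column was not selected) must not be
    // mistaken for a global grant.
    if (grant.group_id === null) return true;
    return toGroupId(grant.group_id) === target;
  });
}

// Constructed sample grants.
const scopedLeader = [{ role: "Group Servant", group_id: 123 }];
const globalAdmin = [{ role: "Group Servant", group_id: null }];
const viewerOnly = [{ role: "Directory Viewer", group_id: 123 }];
const brokenRow = [{ role: "Group Servant" }]; // group_id missing from the row

console.log(canForGroup(scopedLeader, "groups.manage", 123)); // own group
console.log(canForGroup(scopedLeader, "groups.manage", 456)); // other group
console.log(canForGroup(globalAdmin, "groups.manage", 456)); // global role
console.log(canForGroup(brokenRow, "groups.manage", 123)); // malformed row
```
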